Project

General

Profile

« Previous | Next » 

Revision ec0d9bef

Added by Renato Botelho about 15 years ago

no rdr rules shouldon't have ->, take care of nat reflection rules either

View differences:

etc/inc/filter.inc
813 813 
					$reflection_txt[] = "{$inetdport}\tdgram\tudp\tnowait/0\tnobody\t/usr/bin/nc\tnc -u -w {$reflectiontimeout} {$target} {$tda}\n";
814 814 
						$inetdport++;
815 815 
					}
816 
				$natrules .= "{$nordr}rdr on {$rdr_if_list} proto {$protocol} from {$srcaddr} to {$dstaddr} port {$rflctintrange} tag PFREFLECT -> 127.0.0.1 port {$rflctrange}\n";
816 
				$natrules .= "{$nordr}rdr on {$rdr_if_list} proto {$protocol} from {$srcaddr} to {$dstaddr} port {$rflctintrange} tag PFREFLECT" .
817 
								($nordr == "" ? " -> 127.0.0.1 port {$rflctrange}" : "") . "\n";
817 818 
				break;
818 819 
			case "tcp":
819 820 
			case "udp":
......
829 830 
					$reflection_txt[] = "{$inetdport}\t{$socktype}\t{$protocol}\tnowait/0\tnobody\t/usr/bin/nc\tnc {$dash_u}-w {$reflectiontimeout} {$target} {$tda}\n";
830 831 
					$inetdport++;
831 832 
				}
832 
				$natrules .= "{$nordr}rdr on {$rdr_if_list} proto {$protocol} from {$srcaddr} to {$dstaddr} port {$rflctintrange} tag PFREFLECT -> 127.0.0.1 port {$rflctrange}\n";
833 
				$natrules .= "{$nordr}rdr on {$rdr_if_list} proto {$protocol} from {$srcaddr} to {$dstaddr} port {$rflctintrange} tag PFREFLECT" .
834 
								($nordr == "" ? " -> 127.0.0.1 port {$rflctrange}" : "") . "\n";
833 835 
				break;
834 836 
			}
835 837 
		}
......
1151 1153 
			}
1152 1154 

  		




  1153
  1155
  
    
			if($rule['associated-rule-id'] == "pass")


  		




  1154
  
  
    
				$rdrpass = "pass";


  		




  
  1156
  
    
				$rdrpass = "pass ";


  		




  1155
  1157
  
    
			else


  		




  1156
  1158
  
    
				$rdrpass = "";


  		




  1157
  1159
  
    
			if(!$rule['interface'])


  		




  ......




  1178
  1180
  
    
			if($srcaddr <> "" && $dstaddr <> "") {


  		




  1179
  1181
  
    
				/* is rule a port range? */


  		




  1180
  1182
  
    
				if($natif)


  		




  1181
  
  
    
					$natrules .= "{$nordr}rdr {$rdrpass} on {$natif} proto {$protocol} from {$srcaddr} to {$dstaddr} -> {$target}{$localport}";


  		




  
  1183
  
    
					$natrules .= "{$nordr}rdr {$rdrpass}on {$natif} proto {$protocol} from {$srcaddr} to {$dstaddr}" . ($nordr == "" ? " -> {$target}{$localport}" : "");


  		




  1182
  1184
  
    

  		




  1183
  1185
  
    
				/* Does this rule redirect back to a internal host? */


  		




  1184
  1186
  
    
				if($dstaddr == "any" && !interface_has_gateway($rule['interface'])) {


  		












Also available in:  Unified diff